ZeroCERT sandbox listing, 2023-11-17 to 2023-11-18. The flattened table is rebuilt below as one record per sample; the original columns are: ID, submitted, sample, MD5, tags, URLs, hosts, IDS alerts, score, M, VT, source.

#7036  2023-11-18 12:45
  Sample: 220.exe  MD5: 66b045bac49f6e2c487b456981cc6477
  Tags: Gen1 UPX Malicious Library Malicious Packer Http API ScreenShot PWS HTTP Internet API AntiDebug AntiVM PE32 PE File .NET EXE OS Processor Check DLL Browser Info Stealer Malware download VirusTotal Malware RecordBreaker Buffer PE suspicious privilege MachineGuid Code Injection Malicious Traffic Check memory Checks debugger buffers extracted Creates executable files unpack itself Collect installed applications AppData folder malicious URLs sandbox evasion installed browsers check Stealer Windows Browser DNS Cryptographic key
  URLs (9):
    http://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll
    http://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll
    http://193.233.132.30/6b8e5e28b05311e77666794a3a73827a
    http://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll
    http://193.233.132.30/
    http://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll
    http://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll
    http://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll
    http://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
  Hosts (1): (not listed on the page)
  IDS alerts (11):
    ET MALWARE Win32/RecordBreaker CnC Checkin M1
    ET MALWARE Win32/RecordBreaker CnC Checkin - Server Response
    ET INFO Dotted Quad Host DLL Request
    ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
    ET HUNTING Possible Generic Stealer Sending System Information
  Score: 14.4  M  VT: 44  Source: ZeroCERT
#7037  2023-11-18 12:43
  Sample: home.exe  MD5: 0569253c2d7bbd34d6576729c420930f
  Tags: Malicious Library Malicious Packer UPX PE32 PE File OS Processor Check ZIP Format Lnk Format GIF Format Browser Info Stealer Malware download FTP Client Info Stealer Email Client Info Stealer Malware Cryptocurrency wallets Cryptocurrency AutoRuns MachineGuid Check memory Creates shortcut Creates executable files unpack itself Windows utilities Collect installed applications suspicious process AntiVM_Disk sandbox evasion WriteConsoleW anti-virtualization IP Check VM Disk Size Check installed browsers check Tofsee Ransomware Windows Browser RisePro Email ComputerName DNS Software
  URLs (1):
    https://db-ip.com/demo/home.php?s=175.208.134.152
  Hosts (5):
    ipinfo.io (34.117.59.81)
    db-ip.com (104.26.4.15)
    104.26.5.15
    34.117.59.81
    194.49.94.152 - malicious
  IDS alerts (7):
    ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Token)
    ET MALWARE Suspected RisePro TCP Heartbeat Packet
    ET MALWARE [ANY.RUN] RisePro TCP v.0.x (External IP)
    ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Activity)
    ET MALWARE [ANY.RUN] RisePro TCP v.0.x (Exfiltration)
    ET POLICY Possible External IP Lookup Domain Observed in SNI (ipinfo. io)
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 11.8  M  VT: (none)  Source: ZeroCERT
#7038  2023-11-18 12:40
  Sample: Trhcdbhtd.exe  MD5: 2a42d97acfd504a4e15577f165f63a40
  Tags: AntiDebug AntiVM PE File PE64 VirusTotal Malware Buffer PE suspicious privilege MachineGuid Code Injection Check memory Checks debugger buffers extracted unpack itself malicious URLs Windows ComputerName Cryptographic key
  URLs: (none)
  Hosts: (none)
  IDS alerts: (none)
  Score: 9.2  VT: 26  Source: ZeroCERT
#7039  2023-11-18 12:40
  Sample: build.exe  MD5: 1e723a96f93d0f5a6319413595660f4b
  Tags: Malicious Library UPX PE32 PE File OS Processor Check VirusTotal Malware PDB unpack itself Remote Code Execution
  URLs: (none)
  Hosts: (none)
  IDS alerts: (none)
  Score: 2.4  VT: 42  Source: ZeroCERT
#7040  2023-11-17 18:50
  Sample: Magma_Menu.exe  MD5: 55eba6afbb6a5123fb11252960424d3e
  Tags: Gen1 Generic Malware Malicious Library ASPack UPX PE File PE64 OS Processor Check DLL ZIP Format VirusTotal Malware Check memory Creates executable files crashed
  URLs: (none)
  Hosts: (none)
  IDS alerts: (none)
  Score: 2.6  M  VT: 42  Source: ZeroCERT
#7041  2023-11-17 18:47
  Sample: build.exe  MD5: 55c69dde71aa6dc2b44ccdcc36f379ea
  Tags: Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution
  URLs: (none)
  Hosts: (none)
  IDS alerts: (none)
  Score: 2.2  M  VT: 30  Source: ZeroCERT
#7042  2023-11-17 18:45
  Sample: Copia_de_la_demanda.wsf  MD5: a326a7a8ff5a700c80932dbcc4a78a9b
  Tags: Generic Malware Antivirus wget powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  URLs (1):
    http://46.246.80.2/enviovpn.jse
  Hosts: (none)
  IDS alerts: (none)
  Score: 5.4  M  VT: (none)  Source: ZeroCERT
#7043  2023-11-17 18:42
  Sample: 500strim.exe  MD5: 1ed9f9bb8c6f1d5c482b4bbf61cf8ee8
  Tags: UPX PE File PE64 OS Processor Check VirusTotal Malware Buffer PE suspicious privilege MachineGuid Check memory Checks debugger buffers extracted unpack itself Windows ComputerName DNS Cryptographic key
  URLs: (none)
  Hosts (1):
    193.233.132.13 - malicious
  IDS alerts: (none)
  Score: 4.4  M  VT: 16  Source: ZeroCERT
#7044  2023-11-17 18:41
  Sample: OFICIO_DE_EMBARGO_Nro_81_RAMA_... (name truncated on the page)  MD5: b935dc0f2d44f314601d7cc4e6e72989
  Tags: Generic Malware Antivirus VirusTotal Malware powershell suspicious privilege Check memory Checks debugger buffers extracted wscript.exe payload download Creates shortcut unpack itself Check virtual network interfaces suspicious process WriteConsoleW Tofsee Windows ComputerName Cryptographic key
  URLs (3):
    http://apps.identrust.com/roots/dstrootcax3.p7c
    https://paste.ee/d/LR45D
    https://uploaddeimagens.com.br/images/004/654/536/original/new_image.jpg?1698957750
  Hosts (5):
    paste.ee (104.21.84.67) - malicious
    uploaddeimagens.com.br (172.67.215.45) - malware
    172.67.187.200 - malicious
    121.254.136.18
    104.21.45.138 - malware
  IDS alerts (2):
    ET POLICY Pastebin-style Service (paste .ee) in TLS SNI
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
  Score: 9.0  M  VT: 5  Source: ZeroCERT
#7045  2023-11-17 18:38
  Sample: build.exe  MD5: 0161cdb73a523464e8caeea489bc0eef
  Tags: Malicious Library PE32 PE File VirusTotal Malware PDB unpack itself Remote Code Execution
  URLs: (none)
  Hosts: (none)
  IDS alerts: (none)
  Score: 2.2  M  VT: 35  Source: ZeroCERT
#7046  2023-11-17 18:37
  Sample: AWB_Ref#.5839077413pdf.exe  MD5: 7ac9bc3020e21341f1c2d8f9e938f9e3
  Tags: AgentTesla PWS SMTP KeyLogger AntiDebug AntiVM PE32 PE File .NET EXE Browser Info Stealer FTP Client Info Stealer VirusTotal Email Client Info Stealer Malware AutoRuns PDB suspicious privilege Code Injection Check memory Checks debugger buffers extracted unpack itself Check virtual network interfaces IP Check Tofsee Windows Browser Email ComputerName DNS Software crashed keylogger
  URLs (1):
    http://192.168.56.102:5357/017bd04f-b3bf-45b6-8167-9e8f41ff87bf/ (private RFC 1918 address on the sandbox network, not attacker infrastructure)
  Hosts (4):
    api.ipify.org (104.237.62.212)
    smtp.yandex.com (77.88.21.158)
    173.231.16.77
    77.88.21.158
  IDS alerts (5):
    ET INFO External IP Lookup Domain (ipify .org) in DNS Lookup
    ET INFO TLS Handshake Failure
    ET INFO External IP Address Lookup Domain (ipify .org) in TLS SNI
    SSLBL: Malicious JA3 SSL-Client Fingerprint detected (Tofsee)
    SURICATA Applayer Detect protocol only one direction
  Score: 13.0  VT: 19  Source: ZeroCERT
#7047  2023-11-17 18:36
  Sample: update.exe  MD5: bcabfc8a72168c9c59967950ba586367
  Tags: Gen1 Malicious Library UPX Malicious Packer PE32 PE File DLL OS Processor Check Browser Info Stealer Malware download VirusTotal Malware RecordBreaker MachineGuid Malicious Traffic Check memory Creates executable files unpack itself Collect installed applications AppData folder installed browsers check Stealer Windows Update Browser DNS
  URLs (9):
    http://193.233.132.13/4b3d724e3280557cef4603019e268268
    http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll
    http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll
    http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll
    http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll
    http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll
    http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll
    http://193.233.132.13/
    http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll
  Hosts (1): (not listed on the page)
  IDS alerts (11):
    ET MALWARE Win32/RecordBreaker CnC Checkin M1
    ET MALWARE Win32/RecordBreaker CnC Checkin - Server Response
    ET INFO Dotted Quad Host DLL Request
    ET HUNTING HTTP GET Request for nss3.dll - Possible Infostealer Activity
    ET POLICY PE EXE or DLL Windows file download HTTP
    ET HUNTING HTTP GET Request for vcruntime140.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for mozglue.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for freebl3.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for softokn3.dll - Possible Infostealer Activity
    ET HUNTING HTTP GET Request for sqlite3.dll - Possible Infostealer Activity
    ET HUNTING Possible Generic Stealer Sending System Information
  Score: 7.2  M  VT: 40  Source: ZeroCERT
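Records #7036 and #7047 show the same RecordBreaker staging pattern: a check-in to a bare-IP host on 193.233.132.0/24, then GETs for the Mozilla NSS and SQLite support libraries (nss3.dll, mozglue.dll, freebl3.dll, softokn3.dll, sqlite3.dll) and the VC++ runtime (msvcp140.dll, vcruntime140.dll) from one directory on the same host, which is exactly what the "Dotted Quad Host DLL Request" and "HTTP GET Request for <dll>" ET signatures key on. The Python below is an added example, not code from ZeroCERT or from the Emerging Threats ruleset: it reproduces that detection over HTTP logs and adds the correlation the individual signatures lack, firing only when one client pulls several of those DLLs from one bare-IP server. The log format ("timestamp client-ip method url"), the sample lines (built from the URLs listed on this page plus two control lines), the minimum-DLL threshold and the tag names are all my assumptions. It also labels RFC 1918 hosts such as the 192.168.56.102:5357 URL in #7046 and #7050 as sandbox-local so they are not counted as C2.

```python
"""Detect stealer support-DLL staging (nss3/sqlite3/... fetched from a bare-IP host)."""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Support libraries RecordBreaker/Raccoon-style stealers fetch after check-in;
# the names mirror the ET HUNTING "HTTP GET Request for <dll>" alerts on #7036/#7047.
STEALER_DLLS = frozenset({
    "nss3.dll", "mozglue.dll", "freebl3.dll", "softokn3.dll",
    "sqlite3.dll", "msvcp140.dll", "vcruntime140.dll",
})

# Assumed log format (constructed for this example): "<timestamp> <client-ip> <method> <url>".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<src>\S+)\s+(?P<method>[A-Z]+)\s+(?P<url>\S+)$")

# Constructed sample lines: the #7036 URLs, the sandbox-local URL from #7046,
# a name-based CDN fetch, and a single DLL from the #7047 host (below threshold).
SAMPLE_LOG = [
    "2023-11-18T12:45:01Z 10.0.0.7 GET http://193.233.132.30/",
    "2023-11-18T12:45:02Z 10.0.0.7 GET http://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/nss3.dll",
    "2023-11-18T12:45:03Z 10.0.0.7 GET http://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll",
    "2023-11-18T12:45:04Z 10.0.0.7 GET http://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/freebl3.dll",
    "2023-11-18T12:45:05Z 10.0.0.7 GET http://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/mozglue.dll",
    "2023-11-18T12:45:06Z 10.0.0.7 GET http://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/softokn3.dll",
    "2023-11-18T12:45:07Z 10.0.0.7 GET http://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/msvcp140.dll",
    "2023-11-18T12:45:08Z 10.0.0.7 GET http://193.233.132.30/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/vcruntime140.dll",
    "2023-11-18T12:45:09Z 10.0.0.7 GET http://192.168.56.102:5357/017bd04f-b3bf-45b6-8167-9e8f41ff87bf/",
    "2023-11-18T12:46:00Z 10.0.0.9 GET https://cdn.example.test/runtime/vcruntime140.dll",
    "2023-11-18T12:47:00Z 10.0.0.9 GET http://193.233.132.13/aN7jD0qO6kT5bK5bQ4eR8fE1xP7hL2vK/sqlite3.dll",
]


def host_kind(host):
    """'private' for RFC 1918/loopback IPv4 literals, 'dotted-quad' for other IPv4
    literals, 'name' for anything that is not an IPv4 literal."""
    try:
        addr = ipaddress.IPv4Address(host)
    except ValueError:
        return "name"
    return "private" if addr.is_private else "dotted-quad"


def classify_request(line):
    """Parse one log line and tag it; returns None for lines that do not match the format."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    parts = urlsplit(m["url"])
    host = parts.hostname or ""
    directory, _, fname = parts.path.rpartition("/")
    tags = []
    kind = host_kind(host)
    if kind == "private":
        tags.append("private-host")      # sandbox/lab artefact, never counted as C2
    elif kind == "dotted-quad":
        tags.append("dotted-quad-host")  # cf. "ET INFO Dotted Quad Host DLL Request"
    if fname.lower() in STEALER_DLLS:
        tags.append("stealer-dll")       # cf. "ET HUNTING HTTP GET Request for <dll>"
    return {"ts": m["ts"], "src": m["src"], "host": host,
            "dir": directory + "/", "file": fname.lower(), "tags": tags}


def detect_stealer_staging(lines, min_dlls=3):
    """Correlate per (client, server): flag pairs where the client fetched at least
    min_dlls distinct support DLLs from a public bare-IP host. One finding per pair,
    carrying the DLL set and the staging directories they came from."""
    seen = defaultdict(lambda: {"dlls": set(), "dirs": set(), "first": None})
    for line in lines:
        r = classify_request(line)
        if r is None or "stealer-dll" not in r["tags"] or "dotted-quad-host" not in r["tags"]:
            continue
        entry = seen[(r["src"], r["host"])]
        entry["dlls"].add(r["file"])
        entry["dirs"].add(r["dir"])
        entry["first"] = entry["first"] or r["ts"]
    return [
        {"src": src, "host": host, "first_seen": e["first"],
         "dlls": sorted(e["dlls"]), "dirs": sorted(e["dirs"])}
        for (src, host), e in seen.items() if len(e["dlls"]) >= min_dlls
    ]


if __name__ == "__main__":
    for hit in detect_stealer_staging(SAMPLE_LOG):
        print(f"{hit['src']} -> {hit['host']}: {len(hit['dlls'])} stealer DLLs "
              f"from {hit['dirs']} starting {hit['first_seen']}")
```

The threshold of three distinct DLLs is a judgement call: a single vcruntime140.dll from a bare IP is common enough in legitimate installers to be noise, while the full NSS set from one directory on one bare IP is what distinguishes the Firefox-credential-decryption staging seen in #7036 and #7047. Lowering min_dlls to 1 turns the function into the per-request hunting rule and will also surface the lone sqlite3.dll fetch from 193.233.132.13.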
#7048  2023-11-17 18:36
  Sample: Copia_de_la_demanda.wsf  MD5: 7011eb5b696d312f9dc5d22b43e9ae59
  Tags: Generic Malware Antivirus wget VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  URLs (1):
    http://178.73.218.10/envio.js
  Hosts: (none)
  IDS alerts: (none)
  Score: 5.8  M  VT: 5  Source: ZeroCERT
#7049  2023-11-17 18:36
  Sample: minup.exe  MD5: 3cedd61842d8ecbe2edce64e0f129a7e
  Tags: .NET framework(MSIL) PE File PE64 .NET EXE VirusTotal Malware Check memory Checks debugger unpack itself
  URLs: (none)
  Hosts: (none)
  IDS alerts: (none)
  Score: 2.2  M  VT: 38  Source: ZeroCERT
#7050  2023-11-17 18:34
  Sample: Copia_de_la_demanda.wsf  MD5: 3c96de6adfa3e3cc9d2c8660b6e880c6
  Tags: Generic Malware Antivirus wget VirusTotal Malware powershell suspicious privilege Check memory Checks debugger Creates shortcut unpack itself suspicious process WriteConsoleW Windows ComputerName Cryptographic key
  URLs (2):
    http://192.168.56.102:5357/017bd04f-b3bf-45b6-8167-9e8f41ff87bf/ (private RFC 1918 address on the sandbox network, not attacker infrastructure)
    http://178.73.218.10/envio.js
  Hosts: (none)
  IDS alerts: (none)
  Score: 5.8  M  VT: 2  Source: ZeroCERT